Surprisingly, while there’s been interest in the security
implications of wearable devices, the focus within the research
community has been on how these devices might be attacked rather
than on how these devices challenge existing social assumptions.

I don’t think this is surprising at all. Researchers are rewarded for
working on attacks, and, in comparison, penalized for working on
defenses.

This attack bias is damaging for security research; we need more
defenses, not more attacks. Since some people, at least, don’t
realize that there is a such a bias, let’s look at the evidence.

Security research is one of those disciplines that actually gets
reported on outside of academia, in more mainstream media. I took a
look at all academic papers mentioned in security articles at
ArsTechnica so far in 2013:

That’s 27 articles. Out of those 27 I count 3 primarily defensive
papers, 1 paper that is evenly balanced between attack and defense,
and 2 papers that I would not classify as either attack or defense.
The remaining 21 papers I would classify as attack focused. You can
see the attack focus of the reporting just by looking at the article
headlines.

It’s not surprising that mainstream media outlets would focus on
sensationalist stories. Within the academic community itself, things
are a bit better. In some fields—cryptography—I don’t think there
is an attack bias at all. The attack bias gets stronger as the field
gets more applied, culminating in the kind of presentations you see at
BlackHat.

In any case, I’m sure most academic security researchers know that the
way to get publicity is to work on attacks. The research that
Migicovsky mentions in his
post
is itself a perfect example: it shows how to use smart watches to
cheat. That’s attack research, not defense research.